Security Development Lifecycle for Cyber-Physical Production Systems

Title: Security Development Lifecycle for Cyber-Physical Production Systems
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Eckhart, Matthias; Ekelhart, Andreas; Lüder, Arndt; Biffl, Stefan; Weippl, Edgar
Conference Name: IECON 2019 - 45th Annual Conference of the IEEE Industrial Electronics Society
Keywords: Austrian-based system, cyber-physical production systems, Cyber-physical systems, Design engineering, domain experts, Expert Systems and Security, False Data Detection, Guidelines, Human Behavior, IEC standards, industrial security concept, Industries, Industry 4.0, Information security, Manufacturing industries, manufacturing industry, manufacturing systems, production engineering computing, Production systems, production systems engineering process, pubcrawl, Resiliency, Safety, Scalability, security, security by design, security development lifecycle, security of data, security standards, smart production system, Software, Standards

As the connectivity within manufacturing processes increases in light of Industry 4.0, information security becomes a pressing issue for product suppliers, systems integrators, and asset owners. Reaching new heights in digitizing the manufacturing industry also provides more targets for cyber attacks, hence, cyber-physical production systems (CPPSs) must be adequately secured to prevent malicious acts. To achieve a sufficient level of security, proper defense mechanisms must be integrated already early on in the systems' lifecycle and not just eventually in the operation phase. Although standardization efforts exist with the objective of guiding involved stakeholders toward the establishment of a holistic industrial security concept (e.g., IEC 62443), a dedicated security development lifecycle for systems integrators is missing. This represents a major challenge for engineers who lack sufficient information security knowledge, as they may not be able to identify security-related activities that can be performed along the production systems engineering (PSE) process. In this paper, we propose a novel methodology named Security Development Lifecycle for Cyber-Physical Production Systems (SDL-CPPS) that aims to foster security by design for CPPSs, i.e., the engineering of smart production systems with security in mind. More specifically, we derive security-related activities based on (i) security standards and guidelines, and (ii) relevant literature, leading to a security-improved PSE process that can be implemented by systems integrators. Furthermore, this paper informs domain experts on how they can conduct these security-enhancing activities and provides pointers to relevant works that may fill the potential knowledge gap. Finally, we review the proposed approach by means of discussions in a workshop setting with technical managers of an Austrian-based systems integrator to identify barriers to adopting the SDL-CPPS.

Citation Key: eckhart_security_2019